According to several Reddit users, as well as the Have I Been Pwned security site, almost 600 Epic Games accounts have had their passwords and usernames leaked, along with corresponding player inventories. The accounts can be found on Pastebin, a plain text sharing site used to anonymously share documents without going through tracked websites like Google Docs or directly sharing PDF files. If any of the leaked accounts share that same email and password combination elsewhere on the web, those accounts have likely been compromised as well.
Epic has already responded to the leak, claiming its system has not been hacked. Rather, according to an Epic spokesperson, these accounts have both email addresses and passwords in common with other sites that have suffered more explicit data leaks. In addition, the company has flagged the emails associated with the Pastebin accounts, and will force a password reset on the next login in order to protect both users and the company from any additional fraud.
“We have an automated system processing email/password dumps that proactively forces password resets on login, further protecting players,” an Epic employee going by the Reddit username DanDaDaDanDan said.
Players can input their email into Have I Been Pwned to check if their Epic account was affected by the leak, in addition to any previous data breaches or mass email and password pastes. The Epic spokesperson also recommends turning on two-factor authentication, which is offered by many different sites and account systems. Many standard internet browsers, such as Apple’s Safari, also come with built-in password managers and generators that work across multiple devices. Or, if you prefer, you can use non-proprietary tools such as 1Password.
With Fortnite continuing to dominate both the battle royale genre and popular culture, Epic Games accounts tied to valuable Fortnite cosmetics are especially vulnerable to hackers. Make sure your account is locked up tight using some of the tips above.